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CLAIMS 

What is claimed is: 



1 1 . A settop terminal in a subscriber television system, the settop terminal 

2 comprising: 

3 a first memory having an encrypted first key and an encrypted device key set 

4 stored therein; 

5 a secure element having a processor and a second memory, wherein the second 

6 memory is accessible only to the processor and has a private-key of a 

7 private-key/public-key pair stored therein, wherein the processor is 

8 adapted to decrypt the encrypted first key using the private-key, and 

9 wherein the decrypted first key is used to decrypt the encrypted device key 

10 set; and 

1 1 an adaptive output interface adapted to utilize a device key set to determine a 

12 , shared-secret key with a receiver in communication therewith and adapted 

13 to provide an encrypted stream of content to the receiver using the shared- 

14 secret key to encrypt the stream of content. 
15 

1 2. The settop terminal of claim 1, wherein the device key set is used with protocols 

2 for high-bandwidth digital content protection. 
1 

1 3. The settop terminal of claim 1, wherein the device key set is used with protocols 

2 for digital transmission content protection. 

1 4. The settop terminal of claim 1, wherein the adaptive output interface includes at 

2 least one of a digital visual interface and a High-Definition Multimedia Interface 

3 [HDMI]. 

1 5. The settop terminal of claim 1, wherein the output interface includes an IEEE 

2 1394 interface. 
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1 6. The settop terminal of claim 1, further including: 

2 a second processor adapted to receive the decrypted first key and decrypt the 

3 encrypted device key set using the decrypted first key and provide the decrypted 

4 device key set to the adaptive output interface. 

5 

1 7. The settop terminal of claim 6, wherein second processor implements a symmetric 

2 cryptographic algorithm using the device-key set decryptor as a key to decrypt the 

3 encrypted device-key set. 

1 8. The settop terminal of claim 7, wherein the symmetric cryptographic algorithm is 

2 a 3DES algorithm. 

1 9. The settop terminal of claim 7, wherein the symmetric cryptographic algorithm is 

2 a DES algorithm. 

1 1 0. The settop terminal of claim 1 , wherein the encrypted device key set and the 

2 encrypted first key are stored in the first memory prior to installing the settop terminal in 

3 the subscriber television system. 
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1 11. In a subscriber television system having a headend in communication with a 

2 plurality of settop terminals including a given settop terminal, the given settop terminal 

3 comprising: 

4 a first memory having an encrypted first key and an encrypted device key set 

5 stored therein; 

6 a secure element having a first processor and a second memory, wherein the 

7 second memory is accessible only to the first processor and has a private- 

8 key of a private-key/public-key pair stored therein, wherein the first 

9 processor is adapted to decrypt the encrypted first key using the private- 

10 key; 

1 1 an input port receiving a stream of content from the headend; 

12 a second processor adapted to determine from the stream of content whether the 

13 content of the stream of content is protected and adapted to receive the 

14 decrypted first key and decrypt the encrypted device key set using the 

15 decrypted first key; and 

16 an adaptive output interface adapted to implement the decrypted device key set to 

17 determine a shared-secret key with a receiver in communication therewith and, responsive 

18 to the first processor determining the content is protected, adapted to provide an 

19 encrypted stream of content to the receiver using the shared-secret key to encrypt the 

20 stream of content, and, responsive to the first processor determining the content is not 

21 protected, adapted to provide the stream of content to the receiver; 

1 12. The settop terminal of claim 11, wherein the device key set includes protocols for 

2 high-bandwidth digital content protection. 

1 13. The settop terminal of claim 11, wherein device key set includes protocols for 

2 digital transmission content protection. 

1 14. The settop terminal of claim 11, wherein the adaptive output interface includes at 

2 least one of a digital visual interface and a High-Definition Multimedia Interface 

3 [HDMI]. 
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1 15. The settop terminal of claim 1 1 , wherein the output interface includes an IEEE 

2 1394 interface. 

1 16. A method of providing a receiver with a stream of content, the method 

2 implemented in a settop terminal in a subscriber television system, the method 

3 comprising the steps of: 

4 decrypting an encrypted first key using a private-key of a private-key/public-key 

5 pair belonging to the settop terminal, wherein the first key is decrypted 

6 inside of a secure-element having a processor and a memory, wherein the 

7 private-key is accessible to only the processor; 

8 decrypting an encrypted device key set using the decrypted first key; 

9 providing the decrypted device key set to an adaptive output interface; 

10 determining a shared-secret key with the receiver using the decrypted device key 

1 1 set; and 

12 outputting the stream of content to the receiver. 

1 17. The method of claim 1 6, prior to the step of outputting, further including the steps 

2 of: 

3 determining whether the content of the stream of content is protected content; and 

4 responsive to determining the content is protected, encrypting the content of the stream of 

5 content using the shared-secret key, wherein the output stream of content is encrypted. 

1 18. The method of claim 17, prior to the step of encrypting the content, further 

2 including the steps of: 

3 receiving a second encrypted stream of content; and 

4 decrypting the second stream of content, wherein the decrypted second stream of 

5 content is the stream of content that is encrypted in the encryption step. 
1 
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1 19. A method of providing a receiver with a stream of content, the method 

2 implemented in a settop terminal in a subscriber television system, the method 

3 comprising the steps of: 

4 decrypting an encrypted first key using a private-key of a private-key/public-key 

5 pair belonging to the settop terminal, wherein the first key is decrypted 

6 inside of a secure-element having a processor and a memory, wherein the 

7 memory is accessible to only the processor and has the private-key stored 

8 therein; 

9 decrypting an encrypted device key set using the decrypted first key; 

10 providing the decrypted device key set to an adaptive output interface; 

1 1 negotiating a shared-secret key with the receiver using the decrypted device key 

12 set; 

13 receiving a stream of content from a headend of the subscriber television system; 

14 determining whether the receiver is entitled to access the stream of content; 

15 determining whether the received stream of content is encrypted content; and 

16 outputting the stream of content to the receiver. 

1 20. The method of claim 16, prior to the step of outputting, further including the steps 

2 of: 

3 determining whether the content of the stream of content is protected content; and 

4 responsive to determining the content is protected, encrypting the content of the stream of 

5 content using the shared-secret key, wherein the output stream of content is encrypted. 
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